Raid 10 500GB array, standard windows 7 x64 install, drive encryption Restore volume header -> embedded in the volume = no luck Mount without pre-boot authentication = no luck Tried to restore truecrypt bootloader with other systems TC recovery cd = no luck No recovery cd saved. I know the password. Failed 1-2 drives, raid array failed can't boot anymore. Drives replaced, did a rebuild but somehow I don't get the bootloader. Installed win7 on another hdd to try and do recovery from there. a) anything I can try? b) How to find the right offset to look for TC header? >>>> PICS <<<< I tried a few offsets and made a few 2MB test.tc files with winhex but no luck (incorrect pw) I have installed win7 on another hdd, and am working from there do recovery. Any thoughts?
The array just contains data, right? It's not a bootable operating system? In that case there will be no TrueCrypt bootloader and no bootable recovery cd, as those items only apply to system (i.e. operating system) encryption. Also, the "mount without preboot authentication" command doesn't apply. There should, however, be an embedded backup header. I don't see any partitions listed on your problem drive, but the presence of plaintext data tells me that you probably used to have one. Did the accident destroy your partition table? If I understand your situation correctly then your TrueCrypt header (if it's still intact) will be located at the very beginning of what used to be your partition, although at this point it's merely in free space. I'm not sure where the first partition would begin on a RAID-10 array, but on a single disk you would want to look at offset 1048576 (decimal).
Hi Dantz, the array is a boot-able win7 x64 operating system. What happened to the array is still a bit of a mystery, one drive failed and another was/got probably corrupted / hw failure. After replacing the 2 drives the array was restored but I lost the Truecrypt bootloader /partitions? and have the previously stated state. I tried various offsets to try and find my Truecrypt header but no luck so far. I also tried to create 2 new partitions 100mb + rest without drive letter and without formatting the "drive" in windows and try to find the Truecrypt header but no luck so far. Do you know any offsets that I may be able to test? Any help is very much welcome and very much appreciated.
If you had your rescue disk you could use it to restore the TC bootloader and the volume header. Do you have any data backups that might include the "TrueCrypt Rescue Disk.iso" file? You could use that file to build another rescue disk.
Hi Dantz, No backups in this case, I'm investigating the location of the Truecrypt header on my raid10 setup. I have take 4 new drives (4x250gb), made a new raid10 array = 1x 500hdd, I then installed win7x64 on this raid10 array and then after the windows install I did a system encryption with Truecrypt 7.1a. This gives me a working setup to try and find the truecrypt header (if I find it on a working setup, then maybe I can find it on my broken raid10 setup), so far I have been unsuccessful, can someone point me out what sector/ofset my 100% working header might be located? http://i.imgur.com/8xMOU9d.png If I understand it correctly if I take the header +2MB I can then test the testfile in truecrypt to see if the password is accepted?
RAID10 is a stripe of mirrors: 1) disks a and b are mirrored; 2) disks c and d are mirrored; and then 3) the two mirrored pairs are striped. Which two of the four disks failed? If it was a and b, or c and d, the data is gone. Otherwise, there should have been no data loss.
I have yet to determine the cause, and I don't have many hopes of finding the initial cause, no software install/updates had been run, no raid hw failures, no power supply issue, all it took was a reboot of the system and my password was not accepted anymore. I'm trying to determine if something, anything messed up the partition layout on my drives, hoping to maybe find an intact header somewhere, for this purpose, I have made a new identical running raid10 setup with the same win7 install trying to find the header on a running 100% working install, but to my own surprise I can't find it in the usual offsets mentioned on this board. I want to find the header and look at the same offset on my damaged raid10 setup.
I don't understand. You say "no raid hw failures", but previously you wrote: Which two drives did you replace? That is, what were their roles in the RAID10 array? If they were both members of either mirrored pair, you're wasting your time trying to find the TrueCrypt volume.
